Introduction
Starting with the 20.4 release, we have removed support for the unhide viptela_internal command, which let (TAC) engineers troubleshoot customer issues. unhide viptela_internal is no longer a valid command, and any of the previously hidden commands that remain for field use are either “support” commands or have been made fully supported commands.
Background
There are MANY hidden commands. If you go to a Viptela device CLI you will not see “show internal” or “request internal” or “tools internal”. But if you type “unhide viptela_internal” and then provide the password ” ", you will then be able to see those. And underneath them are many more commands, all usually hidden and none of them are documented. This is considered a security violation under Cisco rules. Because this is not documented, it is considered a back door. Because there is a password, it appears to be a more serious back door. And this password has been posted (by others) online.
Also note that in 19.2.3, 20.1.2, 20.3.1 and 20.3.2, we no longer use "unhide viptela_internal" for access. Instead, use "unhide full". The password is the same as the one used with viptela_internal. See CSCvt00497 for more information.
With CSCwa45995: We are removing all traces of "unhide viptela internal" from the cEdge platform. As part of removing hidden config (which could be exposed via unhide command), some commands were missed on polaris. With this CDETS, we will be removing all instances of "viptela_internal" hidegroup from the code.
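One way to check command-accounting logs for use of the hide groups and hidden command trees described above. This is an added example, not part of the original post or of Cisco's tooling; the "timestamp host user: command" record format and the sample records are constructed, and the HIGH_RISK selection is an editorial assumption drawn from the 'tools internal' listing on this page.

```python
import re

# Hide-group unlock commands named on this page.
UNLOCK = re.compile(r"^unhide\s+(viptela_internal|full)\b", re.I)
# Command trees that are hidden until a hide group is unlocked.
INTERNAL_TREE = re.compile(r"^(show|request|tools)\s+internal\b", re.I)
# Config-mode change the page says requires the hidden group.
VMANAGED = re.compile(r"^no\s+system\s+is-vmanaged\b", re.I)
# 'tools internal' entries that write state (assumed selection, not a Cisco list).
HIGH_RISK = {"touch_test_root", "clean_db", "remove_tenancy", "csr_write", "mdio-write", "i2cset"}

def classify(command):
    """Return (severity, reason) for one CLI command, or None if not of interest."""
    cmd = " ".join(command.split())  # collapse repeated whitespace
    if UNLOCK.match(cmd):
        return ("high", "hide-group unlock attempt")
    if INTERNAL_TREE.match(cmd):
        parts = cmd.lower().split()
        sub = parts[2] if len(parts) > 2 else ""
        if parts[0] == "tools" and sub in HIGH_RISK:
            return ("high", f"state-changing internal tool: {sub}")
        return ("medium", f"hidden '{parts[0]} internal' command")
    if VMANAGED.match(cmd):
        return ("high", "device taken out of vManage mode")
    return None

def scan(lines):
    """Parse 'timestamp host user: command' records (assumed format); return findings."""
    findings = []
    for line in lines:
        head, sep, command = line.partition(": ")
        fields = head.split()
        if not sep or len(fields) != 3:
            continue  # not a command record
        hit = classify(command)
        if hit:
            findings.append((fields[1], fields[2], hit[0], hit[1]))
    return findings

# Constructed sample records, not real device output.
SAMPLE = [
    "2021-03-01T10:00:01Z vedge-1 admin: show control connections",
    "2021-03-01T10:00:09Z vedge-1 admin: unhide  viptela_internal",
    "2021-03-01T10:00:30Z vedge-1 admin: show internal flow-db",
    "2021-03-01T10:01:12Z vedge-2 netops: tools internal touch_test_root",
    "2021-03-01T10:02:40Z vedge-2 netops: request support fp unpin-flows",
    "2021-03-01T10:03:05Z vedge-2 netops: no system is-vmanaged",
]
for finding in scan(SAMPLE):
    print(finding)
```

An unlock attempt is flagged even on 20.4 and later, where the device rejects it, because the attempt itself is the signal worth reviewing.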
External Notification
The following CCO link is posted externally.
For the reasons mentioned above, the password and the list of hidden commands are published at the link below.
20.4 and after
vEdge# unhide viptela_internal
Error: unknown hide group
Any of the previously hidden commands that remain for field use are moved under the support option.
There may be some commands that could be missing. See below for more information.
vEdge# tools support ?
Possible completions:
  fp-dump   Perform fp-dump on a network interface
vEdge#
vEdge# show support ?
Possible completions:
  cellular      cellular support commands
  cloudexpress  cloudexpress support commands
  control       DTLS support shell commands
  dhcp          DHCP support commands
  dnsd          dnsd support commands
  dpi           dpi support commands
  filter        filter support commands
  fp            Fast-path support commands
  ftm           ftm support commands
  nat           nat support commands
  omp           OMP support commands
  pim           pim support commands
  resolv        resolvd support commands
  tracker       tracker support commands
  ttm           TTM support commands
  vrrp          VRRP support commands
vEdge#
vEdge# request support ?
Possible completions:
  cellular
  debug-malloc          Malloc-trim in a daemon
  fp
  router-advertisement  Enable/Disable Ipv6 Router Advertisements tx/rx interface
  software
  tcpopt
  vdebug                Control vdebug RAM disk logging
vEdge#
For UnPinning of flows on vE2K
vEdge# request support fp unpin-flows
Moving the device to vManaged mode or not
Currently there is no option to move the device in or out of vManage mode. This option is not directly available to the customer. It requires the use of 'unhide viptela_internal', and then from config mode running 'no system is-vmanaged'.
In 20.4, this is missing. CSCvx23574 is opened to track this. This will be addressed for both cEdge and vEdge platforms.
Capturing (existing) Internal commands
Below are the tools, show and request internal commands as taken from a 20.3.1 node.
show internal
vEdge# show internal ?
Possible completions:
  admin-tech    Admin-tech commands
  app-route
  cellular
  cfgmgr        Configuration Manager shell commands
  cflowd
  cloudexpress  cloudexpress commands
  control       DTLS shell commands
  cxp-app
  dbgd
  dhcp          DHCP shell commands
  dnsd          dnsd commands
  dot1x
  dpi           dpi commands
  filter
  flow-db       Flow Database
  flow-summary  Flow Database Summary
  fp            Fast-path shell commands
  fpm
  ftm
  gps
  igmp
  nat
  omp           OMP shell commands
  pim
  policy        Policy shell commands
  resolv
  rtm           RTM shell commands
  server-app
  snmp          SNMP shell commands
  sysmgr
  system
  tcpopt-db
  tcpopt-tcpd
  tracker       Tracker shell commands
  ttm           TTM shell commands
  tunnel
  vrrp          VRRP shell commands
  wlan
  zbf
vEdge#
request internal
vEdge# request internal ?
Possible completions:
  cloudexpress     Cloudexpress related tools command
  embargo          vEdge embargo check
  fec
  fp-dump          Perform fp-dump on a network interface
  ftm
  interface-reset
  live-core        Generate non-disruptive coredump of a running process
  malloc-trim      Malloc-trim in a daemon
  reset            Reset system or logs
  software
  tcpopt
  vdebug           Control vdebug RAM disk logging
  vedge-cloud      vEdge cloud internal commands
vEdge#
tools internal
vEdge# tools internal ?
Possible completions:
  clean_db           Remove vManage data
  csr_read           Reading cavium registers.
  csr_write          Writing into cavium registers.
  ethtool            ethtool
  firmware-printenv  Display environment variables.
  fp-dump            Perform fp-dump on a network interface
  hostapd_cli        hostapd_cli
  i2cdetect          i2cdetect tool.(Only for Mips)
  i2cdump            i2cdump tool.
  i2cget             i2cget tool. (only for Mips)
  i2cset             i2cset tool.
  mdio-read          mdio-read
  mdio-write         mdio-write
  mii-tool           mii-tool
  oui-lookup         Perform OUI lookup for show arp.
  poe-tool           poe-tool
  process_id         Find process ID.
  remove_tenancy     Remove Tenancy file on vManage
  tlv_tool           TLV tool.(Only for Mips)
  touch_test_root    Create or remove /usr/share/viptela/test_root for allowing any root cert for sw vedges.
  tracker            Add Latency on the interface for tracker packets
  valgrind_tool      Enable valgrind on a process.
vEdge#